Questions tagged [libpcap]

Libpcap is a portable C/C++ library for network traffic capture. It provides a common interface across various OS-specific backends such as BPF, packet filter, netfilter, and NPF.

Libpcap was originally developed by the tcpdump developers in the Network Research Group at Lawrence Berkeley Laboratory. The low-level packet capture, capture file reading, and capture file writing code of tcpdump was extracted and made into a library, with which tcpdump was linked.

796 questions

0 votes, 0 answers

searching tcp payload for a string occurrence

I am writing code to search the TCP payload of every packet in a libpcap file, to search for a string. So what I am trying to do is, pcap_handle_in = pcap_open_offline(infile, pcap_errbuf); . . . while (pcap_next_ex(pcap_handle_in,…

0 votes, 1 answer

How to ignore broadcast package in libpcap program?

I am working on a network monitor program using libpcap. I have searched but failed to find a good way to ignore broadcast packets with a filter expression so that I can set it in the kernel. Could you please give me advice or a code sample for…
Anh Ma

0 votes, 1 answer

How to discover which is the protocol in the 802.11 body frame?

I would like to know how to discover which is the network protocol in the 802.11 body frame. I mean, for example, the Ethernet frame has the field "type", but in the 802.11 standard I didn't find any field to show me which is the protocol.
Alex

0 votes, 1 answer

Libnet missing some defines flags

Once I had installed libnet1-dev, I checked the configuration settings by issuing "libnet-config --defines", but there is no way to find the "-DLIBNET_LIL_ENDIAN" flag. libnet-config --defines -D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD…
user1884888

0 votes, 2 answers

beacon frame captured by libpcap is something strange

I captured a beacon frame with the libpcap library (Ubuntu, C). I changed the wlan mode to monitor and captured with the following function calls: // 3000 is large enough number for test pcd = pcap_open_live(dev,3000,PROMISCUOUS,-1,errbuf) // filter with "wlan type…

0 votes, 1 answer

How to save Ethernet frames in pcap format

I am writing an application that listens to a network interface, picks some frames, edits them and then saves them to disk. Very similar to tshark and tcpdump. My code is written in C++. However, I want to save my packets in pcap format and I cannot…
Ezra

0 votes, 1 answer

Pointers and libPcap

Working with pcap I declare the rtp struct and when I try to point to this area of the packet I found that depending on my declaration, it works in a different way. I wrote this: struct udphdr *udp; struct rtphdr *rtp, *rtp2; udp = (struct udphdr*)…
Pablo

0 votes, 2 answers

Why do traffic generator tools use the libpcap library?

libpcap is a packet capture library. It makes sense to me that packet sniffers/analyzers use it since they capture network traffic and analyze it. Why does a packet generator, e.g. Ostinato, use libpcap? As far as I know, traffic generators do not need…

0 votes, 1 answer

Packet capture on wireless network (libpcap)

I have a small home network that I would like to analyze and capture the traffic on. What are my options for doing this? Ultimately, I would like to use a packet capture library, such as libpcap, to sniff the network in real-time as my router…

0 votes, 1 answer

Packet is fragmented but the flags are on Don't Fragment

I have the following 2 TCP packets I'm picking up on winpcap: http://pastebin.com/FUAs3UZ7 or in a pcap format https://www.dropbox.com/s/0ss4j0weszy92no/SO.pcap Those 2 packets are to be reassembled, but their IP flags are "010", meaning "Don't…
Nitay

0 votes, 1 answer

low level requirements for ethernet frame in linux

I'm developing a high-speed, high-resolution video camera for robotics applications. For various reasons I need to adopt gigabit ethernet (1Ge) or 10Ge to interface my cameras to PCs. Either that or I'll need to develop my own PCIe card which I…
honestann

0 votes, 1 answer

How portable is the output of pcap_compile?

pcap_compile() compiles a string into a filter program in the form of a bpf_program struct. In theory I could save the compiled form of the program and supply it to pcap_setfilter() on a different network interface or even on a different…
benzado

0 votes, 3 answers

How can I capture and edit network packets on the fly with Perl?

Does someone know about a CPAN module on Win32 that captures network packets and edits them on the fly? As far as I know, the only Perl module on Win32 that deals with packets on the fly is Net::Pcap but it only supports passive monitoring and not…
dan

0 votes, 1 answer

error running a simple libpcap example

I am trying to compile a simple libpcap example, #include #include int main(int argc, char *argv[]) { char *dev; char errbuf[PCAP_ERRBUF_SIZE]; struct bpf_program fp; char filter_exp[] = "port 23"; bpf_u_int32 mask; …
user1653150

0 votes, 1 answer

JNetPcap project

I have made a jNetPcap project for which the code is below: When I try executing the program I got this as result in the console tag: "Can't read list of devices, error is" and since jNetPcap depends on Libpcap C library which requires root…
N.B